使用 SpringAMQP 时，RabbitMQ SSL 导致握手失败 [英] RabbitMQ SSL giving handshake failure when using SpringAMQP

问题描述

我使用以下配置安装了rabbitMQ

<预><代码>[{兔子， [{ssl_listeners, [5671]},{ssl_options, [{cacertfile,"C:\\dev\\rabbitcert\\testca\\cacert.pem"},{certfile,"C:\\dev\\rabbitcert\\server\\cert.pem"},{keyfile,"C:\\dev\\rabbitcert\\server\\key.pem"},{验证，verify_peer}，{fail_if_no_peer_cert,false}]}]}].

我正在实例化连接工厂(数据替换为虚拟):

私有静态ConnectionFactory getConnectionFactoryForQueue(){com.rabbitmq.client.ConnectionFactory connectionFactory = new com.rabbitmq.client.ConnectionFactory();connectionFactory.setUsername("用户");connectionFactory.setHost("MyIpAddress.0.1.1");connectionFactory.setPassword("pass");connectionFactory.setPort(5671);connectionFactory.setVirtualHost("/");SsmProtos.SSLDetails ssl = listener.getSslDetails();char[] keyPassphrase = "keyPassPhrase".toCharArray();尝试 {KeyStore ks = KeyStore.getInstance("PKCS12");ks.load(new FileInputStream("path/to/keycert.p12"), keyPassphrase);KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");kmf.init(ks, keyPassphrase);char[] trustPassphrase = "trustPassPhrase".toCharArray();KeyStore tks = KeyStore.getInstance("JKS");tks.load(new FileInputStream("path/to/trust/store"), trustPassphrase);TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");tmf.init(tks);SSLContext c = SSLContext.getInstance("SSLv3");c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);connectionFactory.useSslProtocol(c);} catch (NoSuchAlgorithmException | CertificateException | IOException |UnrecoverableKeyException |密钥库异常 |密钥管理异常 e) {throw new IllegalArgumentException("设置 SSL 失败",e);}返回新的缓存连接工厂(连接工厂)；}

当我尝试连接时，我从 Java 端收到以下错误

遇到的错误:在类 com.ixaris.ssm.server.service.ServerConfiguration 中定义名称为getSsmRequestAmqpAdmin"的 bean 创建时出错:bean 实例化失败；嵌套异常是 org.springframework.beans.factory.BeanDefinitionStoreException:工厂方法 [public org.springframework.amqp.core.AmqpAdmin com.ixaris.ssm.shared.busobject.ServerInfoConfiguration.getSsmRequestAmqpAdmin()] 抛出异常；嵌套异常是 org.springframework.amqp.AmqpIOException:java.net.SocketException:软件导致连接中止:recv 失败org.springframework.beans.factory.BeanCreationException:在 com.ixaris.ssm.server.service.ServerConfiguration 类中定义的名称为getSsmRequestAmqpAdmin"的 bean 创建时出错:bean 实例化失败；嵌套异常是 org.springframework.beans.factory.BeanDefinitionStoreException:工厂方法 [public org.springframework.amqp.core.AmqpAdmin com.ixaris.ssm.shared.busobject.ServerInfoConfiguration.getSsmRequestAmqpAdmin()] 抛出异常；嵌套异常是 org.springframework.amqp.AmqpIOException:java.net.SocketException:软件导致连接中止:recv 失败在 org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:597)在 org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1094)引起:org.springframework.beans.factory.BeanDefinitionStoreException:工厂方法[public org.springframework.amqp.core.AmqpAdmin com.ixaris.ssm.shared.busobject.ServerInfoConfiguration.getSsmRequestAmqpAdmin()]抛出异常；嵌套异常是 org.springframework.amqp.AmqpIOException:java.net.SocketException:软件导致连接中止:recv 失败在 org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:188)在 org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:586)引起:org.springframework.amqp.AmqpIOException:java.net.SocketException:软件导致连接中止:recv failed在 org.springframework.amqp.rabbit.support.RabbitExceptionTranslator.convertRabbitAccessException(RabbitExceptionTranslator.java:63)在 org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:195)引起:java.net.SocketException:软件导致连接中止:接收失败在 java.net.SocketInputStream.socketRead0(本机方法)在 java.net.SocketInputStream.read(SocketInputStream.java:150)

rabbitMQ 日志中出现以下内容(192.168.24.75 是我的 IP)

=信息报告==== 2014 年 8 月 14 日::11:25:07 ===接受 AMQP 连接 <0.272.0>(192.168.24.75:49860 -> 192.168.24.75:5671)=错误报告==== 2014 年 8 月 14 日::11:25:08 ===SSL:证明:ssl_handshake.erl:1391:致命错误:握手失败=错误报告==== 2014 年 8 月 14 日::11:25:13 ===AMQP 连接 <0.272.0> 上的错误:{ssl_upgrade_error,{tls_alert,"握手失败"}}

目前应用程序和队列都在我的机器上.我在防火墙上打开了 TCP 端口 5671 和 5672.

我错过了什么吗?

解决方案

问题不在于代码，而在于我的 Keycert 的路径我使用的是服务器证书而不是客户端证书.

I have rabbitMQ installed using the following configuration

[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"C:\\dev\\rabbitcert\\testca\\cacert.pem"},
                    {certfile,"C:\\dev\\rabbitcert\\server\\cert.pem"},
                    {keyfile,"C:\\dev\\rabbitcert\\server\\key.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]}
].

And i am Instantiating the Connection Factory as such (data replaced with dummy):

private static ConnectionFactory getConnectionFactoryForQueue(){
        com.rabbitmq.client.ConnectionFactory connectionFactory = new com.rabbitmq.client.ConnectionFactory();
        connectionFactory.setUsername("user");
        connectionFactory.setHost("MyIpAddress.0.1.1");
        connectionFactory.setPassword("pass");
        connectionFactory.setPort(5671);
        connectionFactory.setVirtualHost("/");
        SsmProtos.SSLDetails ssl = listener.getSslDetails();
        char[] keyPassphrase = "keyPassPhrase".toCharArray();
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(new FileInputStream("path/to/keycert.p12"), keyPassphrase);

            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, keyPassphrase);

            char[] trustPassphrase = "trustPassPhrase".toCharArray();
            KeyStore tks = KeyStore.getInstance("JKS");
            tks.load(new FileInputStream("path/to/trust/store"), trustPassphrase);

            TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
            tmf.init(tks);

            SSLContext c = SSLContext.getInstance("SSLv3");
            c.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            connectionFactory.useSslProtocol(c);

        } catch (NoSuchAlgorithmException | CertificateException | IOException | 
                UnrecoverableKeyException | KeyStoreException | KeyManagementException e) {
            throw new IllegalArgumentException("Failed Setting up SSL",e);
        }
    return new CachingConnectionFactory(connectionFactory);
}

When I try to connect I get the following error from the Java side

Errors encountered:Error creating bean with name 'getSsmRequestAmqpAdmin' defined in class com.ixaris.ssm.server.service.ServerConfiguration: Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public org.springframework.amqp.core.AmqpAdmin com.ixaris.ssm.shared.busobject.ServerInfoConfiguration.getSsmRequestAmqpAdmin()] threw exception; nested exception is org.springframework.amqp.AmqpIOException: java.net.SocketException: Software caused connection abort: recv failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'getSsmRequestAmqpAdmin' defined in class com.ixaris.ssm.server.service.ServerConfiguration: Instantiation of bean failed; nested exception is org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public org.springframework.amqp.core.AmqpAdmin com.ixaris.ssm.shared.busobject.ServerInfoConfiguration.getSsmRequestAmqpAdmin()] threw exception; nested exception is org.springframework.amqp.AmqpIOException: java.net.SocketException: Software caused connection abort: recv failed
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:597)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1094)
Caused by: org.springframework.beans.factory.BeanDefinitionStoreException: Factory method [public org.springframework.amqp.core.AmqpAdmin com.ixaris.ssm.shared.busobject.ServerInfoConfiguration.getSsmRequestAmqpAdmin()] threw exception; nested exception is org.springframework.amqp.AmqpIOException: java.net.SocketException: Software caused connection abort: recv failed
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:188)
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:586)
Caused by: org.springframework.amqp.AmqpIOException: java.net.SocketException: Software caused connection abort: recv failed
    at org.springframework.amqp.rabbit.support.RabbitExceptionTranslator.convertRabbitAccessException(RabbitExceptionTranslator.java:63)
    at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:195)

Caused by: java.net.SocketException: Software caused connection abort: recv failed
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java:150)

And the following appears on the rabbitMQ Logs (192.168.24.75 is my IP)

=INFO REPORT==== 14-Aug-2014::11:25:07 ===
accepting AMQP connection <0.272.0> (192.168.24.75:49860 -> 192.168.24.75:5671)

=ERROR REPORT==== 14-Aug-2014::11:25:08 ===
SSL: certify: ssl_handshake.erl:1391:Fatal error: handshake failure

=ERROR REPORT==== 14-Aug-2014::11:25:13 ===
error on AMQP connection <0.272.0>:
{ssl_upgrade_error,{tls_alert,"handshake failure"}}

Both the application and the queue are on my machine at the moment. I have opened up TCP ports 5671 and 5672 on my firewall.

Am I missing something?

解决方案

The issue was not in that code, but rather with the path to my Keycert I was using the Server Certificate rather than the Client Certificate.

这篇关于使用 SpringAMQP 时，RabbitMQ SSL 导致握手失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！